In traditional crypto systems, each user is assigned a secret key, and then e.g. a Base Station (BS) encrypts the messages to the mobile users so that only the user with the correct key can decrypt and recover the original message. This system can be made secure, but suffers from the problem of key distribution, which is both costly and unreliable. If an eavesdropper somehow manages to steal the key of some user, then the communication to that user is totally unprotected. In the modern world, and in simulated wars, the main strategy for breaking a crypto system is to steal the key, as there cannot be any “mathematical protection” against person B stealing person A's key. Further, distributing keys to, literally speaking, millions of customers is not an easy task and imposes significant economic overheads and costs.
An alternative to key-based crypto systems is Physical Layer Security (PLS). In PLS, one exploits the fact that the user (the reader can view a “user” as e.g. a mobile station or a UE in a 3GPP LTE system) and the eavesdropper (an enemy that tries to overhear the transmission) have different communication channels. Associated with each particular channel is its Shannon capacity. The Shannon capacity is the highest bit rate that can be transmitted over the channel without any bit errors, and the reader can think of the Shannon capacity as the maximal bit rate that his/her mobile phone can operate with at any given time. This Shannon capacity has absolutely nothing to do with crypto systems, but the following classical result establishes a link.
Theorem of secrecy capacity (SC): Let CIU be the Shannon capacity to the Intended User (IU), and CED to the Eavesdropper (ED). Then, without any formal cryptosystem, the bit rate CSC=CIU−CED can be transmitted with perfect security to the intended user.
Let us illustrate this result with a simple example: Person A is walking around downtown and is downloading documents at a bit rate of 10 Mbit/s, while the channel is actually so good that A could have downloaded at a rate of 25 Mbit/s (i.e. the Shannon capacity of the channel). Person A is intentionally backing off from the peak rate. Now, another person B—the eavesdropper—is also downtown and can overhear the transmission to person A, and the Shannon capacity of the channel to person B is slightly worse than to person A, namely 18 Mbit/s. According to the theorem of SC, the SC is the difference of the two Shannon capacities, i.e. 25−18=7 Mbit/s. But person A is downloading at a higher rate than the secrecy capacity, which implies that his transmission is not secure and person B can steal his data. Had person A been careful, person A would have downloaded at a much smaller rate, say, 3 Mbit/s, and then person A's link would have been safe even without any cryptosystem.
Now, the relation among the numbers in the previous example is representative of “normal” (i.e. small) MIMO systems, but for massive MIMO systems the situation changes drastically. Current multiple antenna (MIMO) systems use at most 8 antennas at the base station side. However, massive MIMO systems are actively researched and are one of the “hot areas” within the technical field. A massive MIMO system scales up the number of antennas by more than an order of magnitude, and a 1000-antenna base station is not ruled out in these scenarios. Massive MIMO is likely to become a key technology in future 5G wireless systems.
For massive MIMO, the ratio of the Shannon capacity to the eavesdropper to the Shannon capacity to the intended user will be very close to 0, and the closer to 0 the more antennas the base station has. This implies that the SC is almost identical to the Shannon capacity to the intended user. In our example, we would have CIU=25 Mbit/s, but a typical value for CED with 60-80 antennas would be, say, CED=0.5 Mbit/s. Hence, the user's data is perfectly safe as 10<25−0.5=24.5. In fact, the user can download at rates very close to the peak data rate, and there is no need for any crypto system as the link is guaranteed to be safe by the mentioned Theorem of SC.
The inventor has therefore identified the neat result that a passive eavesdropper (i.e., one that just walks around and listens to the channel) cannot do any harm to the PLS of a massive MIMO system. Therefore, it has been concluded that a clever eavesdropper will switch to an active mode by using a so-called pilot attack. What the eavesdropper does is simply to transmit some cleverly chosen signals, with the overall effect that some of the Shannon capacity to the intended user is “stolen”; the problem is that the intended user does not know that it has been stolen, and can only see that the capacity is low.
Let us continue with our example. The eavesdropper transmits a few pilot signals, with the end effect that CED=10 Mbit/s and CIU=15 Mbit/s, so that CSC=5 Mbit/s; since the data rate is 10 Mbit/s, which exceeds the SC, the transmission is no longer safe. The problem is that the intended user only sees that it has CIU=15 Mbit/s, but has no idea that CED=10 Mbit/s. Therefore the intended user does not know that the transmission is unsafe and cannot take any countermeasures.
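The following Python model is an added example and is not part of the original description. Its first three functions reproduce the theorem of SC and the numbers used above; the massive MIMO part is a constructed toy model (an assumption, not something the text specifies): Rayleigh channels, a base station that beamforms along its channel estimate, and the pilot attack modelled as the eavesdropper transmitting the intended user's uplink pilot at a chosen power ratio, which pulls the downlink beam partly towards the eavesdropper. It also shows the gap between the secrecy capacity the intended user believes it has (from its own CIU alone) and the real one.

```python
import math
import random

def shannon_capacity(snr_linear, bandwidth_hz=1.0):
    """Shannon capacity C = B * log2(1 + SNR); with B = 1 the unit is bit/s/Hz."""
    return bandwidth_hz * math.log2(1.0 + snr_linear)

def secrecy_capacity(c_iu, c_ed):
    """Theorem of SC: the rate deliverable with perfect secrecy is C_IU - C_ED (floored at 0)."""
    return max(0.0, c_iu - c_ed)

def is_secure(rate, c_iu, c_ed):
    """A data rate is protected by PLS alone only if it does not exceed the secrecy capacity."""
    return rate <= secrecy_capacity(c_iu, c_ed)

def _rayleigh(m, rng):
    # Constructed channel model: i.i.d. unit-variance complex Gaussian gains over m BS antennas.
    s = math.sqrt(0.5)
    return [complex(rng.gauss(0.0, s), rng.gauss(0.0, s)) for _ in range(m)]

def _beam_gain(h, w):
    # Power that a beam w delivers to a receiver with channel h: |h^H w|^2 / ||w||^2.
    inner = sum(hi.conjugate() * wi for hi, wi in zip(h, w))
    return abs(inner) ** 2 / sum(abs(wi) ** 2 for wi in w)

def mimo_capacities(m, snr, pilot_power_ratio=0.0, draws=300, seed=7):
    """Average (C_IU, C_ED) in bit/s/Hz for an m-antenna BS that beamforms along its
    channel estimate h_hat. Passive ED: h_hat = h_IU. Pilot attack (assumed model): the ED
    also sends the IU's uplink pilot at the given power ratio, so h_hat = h_IU + sqrt(ratio) * h_ED
    and the downlink beam is partly steered towards the ED."""
    rng = random.Random(seed)
    a = math.sqrt(pilot_power_ratio)
    c_iu = c_ed = 0.0
    for _ in range(draws):
        h_iu, h_ed = _rayleigh(m, rng), _rayleigh(m, rng)
        h_hat = [x + a * y for x, y in zip(h_iu, h_ed)]
        c_iu += shannon_capacity(snr * _beam_gain(h_iu, h_hat))
        c_ed += shannon_capacity(snr * _beam_gain(h_ed, h_hat))
    return c_iu / draws, c_ed / draws

def user_view(m, snr, pilot_power_ratio):
    """What the IU believes versus what is true: it measures its own C_IU and, assuming a
    passive ED, credits itself with C_IU - C_ED(passive); the real SC uses the attacked C_ED."""
    _, c_ed_passive = mimo_capacities(m, snr)
    c_iu, c_ed = mimo_capacities(m, snr, pilot_power_ratio)
    return {"observed_c_iu": c_iu,
            "believed_sc": secrecy_capacity(c_iu, c_ed_passive),
            "actual_sc": secrecy_capacity(c_iu, c_ed)}
```

Comparing mimo_capacities(64, 0.05) with mimo_capacities(256, 0.05) shows the CED/CIU ratio shrinking with the antenna count, and user_view(64, 0.05, 1.0) shows the intended user's observed CIU dropping while its believed secrecy capacity stays far above the actual one.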